How to detect multiple IP Addresses being used from the same Notes user id.
To enable the detection of a Notes user ID file being used from multiple IP Addresses, go to the SecurTrac Server Settings document Detection Tab and select the options as seen below:
- If a Notes User ID accesses the Domino server from different IP addresses within the same day, SecurTrac will send notification alerts.
To reduce possibility of false positives, SecurTrac will clear the user access information on a daily basis.
Here is an example:
2013-10-18 09:00AM User "John Smith/Thunder" accesses the server from "10.0.1.123".
2013-10-18 10:00AM Another user uses John's ID to access the server from "10.0.1.124". <-- (1) (3)
After a day...
2013-10-19 02:00AM SecurTrac clears the user access information at night.
2013-10-19 09:00AM User "John Smith/Thunder" accesses the server from "10.0.1.130" (The DHCP server then assigns another IP Address to him). <-- (2)
2013-10-19 10:00AM Another user uses John's ID to access the server from "10.0.1.138". <-- (3)
(1): SecurTrac generates an alert as John's Notes User ID has been used from another different IP to access the server.
(2): SecurTrac does not generate an alert as the user access information from the previous day has been cleared.
(3): SecurTrac generates an alert as John's User ID has been used from another different IP to access the server.
-------------------------------------------------------------------------------------------------------------------------------------------